change best_match_len to -1 to allow for 0-length (ie root) entries to be looked...

diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc
index 11519095166be7acef8b47bbefe54515d0a68a63..d3b96e87be0e5f5e8e289e1f063a114360434977 100644 (file)
--- a/pdns/dnsbackend.cc
+++ b/pdns/dnsbackend.cc
@@ -44,12 +44,12 @@ bool DNSBackend::getRemote(DNSPacket *p, struct sockaddr *sa, Utility::socklen_t
   return true;
 }
 
-bool DNSBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId, const size_t best_match_len)
+bool DNSBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId, const int best_match_len)
 {
   bool found=false;
   string subdomain(target);
   do {
-    if( best_match_len >= subdomain.length() )
+    if( best_match_len >= (int)subdomain.length() )
       break;
 
     if( this->getSOA( subdomain, *sd, p ) ) {
@@ -415,7 +415,7 @@ bool _add_to_negcache( const string &zone ) {
     return false;
 }
 
-inline int DNSReversedBackend::_getAuth(DNSPacket *p, SOAData *soa, const string &inZone, int *zoneId, const string &querykey, const size_t best_match_len) {
+inline int DNSReversedBackend::_getAuth(DNSPacket *p, SOAData *soa, const string &inZone, int *zoneId, const string &querykey, const int best_match_len) {
     static int negqueryttl=::arg().asNum("negquery-cache-ttl");
 
     DLOG(L<<Logger::Error<<"SOA Query: " <<querykey<<endl);
@@ -426,7 +426,7 @@ inline int DNSReversedBackend::_getAuth(DNSPacket *p, SOAData *soa, const string
      * the risk of something being added to the neg-querycache that may
      * interfear with future queries
      */
-    if( best_match_len >= querykey.length() ) {
+    if( best_match_len >= (int)querykey.length() ) {
         DLOG(L<<Logger::Error<<"Best match was better from a different client"<<endl);
         return GET_AUTH_NEG_DONTCACHE;
     }
@@ -452,16 +452,14 @@ inline int DNSReversedBackend::_getAuth(DNSPacket *p, SOAData *soa, const string
 
     // Got a match from a previous backend that was longer than this - no need
     // to continue.
-    if( best_match_len && best_match_len >= diff_point ) {
+    if( best_match_len && best_match_len >= (int)diff_point ) {
         DLOG(L<<Logger::Error<<"Best match was better from a different client"<<endl);
         return GET_AUTH_NEG_DONTCACHE;
     }
 
-    // Strings totally different. If we want to store root records in the
-    // database (and the database supports zero-length keys) we could probably
-    // just remove this test but would need testing to ensure the rest of the
-    // functions worked correctly
-    if( diff_point == 0 )
+    // If diff_point is 0 then either strings are totally different OR root
+    // zone was returned.
+    if( diff_point == 0 && foundkey.length() != 0 )
         return GET_AUTH_NEG_CACHE;
 
     /* If the strings are the same (ie diff_point == querykey.length()) then we
@@ -522,7 +520,7 @@ inline int DNSReversedBackend::_getAuth(DNSPacket *p, SOAData *soa, const string
     return GET_AUTH_NEG_CACHE;
 }
 
-bool DNSReversedBackend::getAuth(DNSPacket *p, SOAData *soa, const string &inZone, int *zoneId, const size_t best_match_len) {
+bool DNSReversedBackend::getAuth(DNSPacket *p, SOAData *soa, const string &inZone, int *zoneId, const int best_match_len) {
     // Reverse the lowercased query string
     string zone = toLower(inZone);
     string querykey( zone.rbegin(), zone.rend() );

diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh
index 1ed7d748e66b344afafdca4b36dd12a1475dae69..f279e02c65d8bff8dd93608bf48c166c43b51eef 100644 (file)
--- a/pdns/dnsbackend.hh
+++ b/pdns/dnsbackend.hh
@@ -139,7 +139,7 @@ public:
   virtual void getAllDomains(vector<DomainInfo> *domains) { }
 
   /** Determines if we are authoritative for a zone, and at what level */
-  virtual bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId, const size_t best_match_len);
+  virtual bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId, const int best_match_len);
 
   struct KeyData {
     unsigned int id;
@@ -354,8 +354,8 @@ class DNSReversedBackend : public DNSBackend {
          * */
         virtual bool getAuthData( SOAData &soa, DNSPacket *p=0) { return false; };  // Must be overridden
 
-        bool getAuth(DNSPacket *p, SOAData *soa, const string &inZone, int *zoneId, const size_t best_match_len);
-        inline int _getAuth(DNSPacket *p, SOAData *soa, const string &inZone, int *zoneId, const string &querykey, const size_t best_match_len);
+        bool getAuth(DNSPacket *p, SOAData *soa, const string &inZone, int *zoneId, const int best_match_len);
+        inline int _getAuth(DNSPacket *p, SOAData *soa, const string &inZone, int *zoneId, const string &querykey, const int best_match_len);
 
         /* Only called for stuff like signing or AXFR transfers */
         bool _getSOA(const string &rev_zone, SOAData &soa, DNSPacket *p);

diff --git a/pdns/ueberbackend.cc b/pdns/ueberbackend.cc
index ddd541c5300c312b12c682abe35c3c50a24a7202..4206931638ffe596d0045a72ac0ff99b916c7976 100644 (file)
--- a/pdns/ueberbackend.cc
+++ b/pdns/ueberbackend.cc
@@ -302,7 +302,7 @@ void UeberBackend::check_op_requests()
 
 bool UeberBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId)
 {
-  size_t best_match_len = 0;
+  int best_match_len = -1;
   bool from_cache = false;  // Was this result fetched from the cache?
 
   check_op_requests();
@@ -349,11 +349,11 @@ bool UeberBackend::getAuth(DNSPacket *p, SOAData *sd, const string &target, int
 
         // Shortcut for the case that we got a direct hit - no need to go
         // through the other backends then.
-        if( best_match_len == target.length() )
+        if( best_match_len == (int)target.length() )
             goto auth_found;
     }
 
-  if( best_match_len == 0 )
+  if( best_match_len == -1 )
       return false;
 
 auth_found: